Buy or Renew
Buy or Renew
Welcome to the new Cisco Community. LEARN MORE about the updates and what is coming.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1468
Views
0
Helpful
3
Replies

MACsec vs IPsec/GRE

Go to solution
Jeff Horton
Beginner
Beginner

‎06-23-2020 10:16 AM

Does the MACsec sufficiently encrypt data (multicast, .etc) on the Cisco 9000 series switch so that I don't have to worry about deploying GRE/IPsec?

 

Thoughts?

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Reza Sharifi
Hall of Fame Expert Hall of Fame Expert
Hall of Fame Expert

‎06-23-2020 01:00 PM

GRE/IPsec is usually used for connecting multiple sites together over the Internet (WAN connection). On the other hand, MACsec is for host to switch encryption or between switches. So, two different functions.

 

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-6/configuration_guide/sec/b_166_sec_9300_cg/macsec_encryption.html

HTH 

 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Reza Sharifi
Hall of Fame Expert Hall of Fame Expert
Hall of Fame Expert

‎06-23-2020 01:00 PM

GRE/IPsec is usually used for connecting multiple sites together over the Internet (WAN connection). On the other hand, MACsec is for host to switch encryption or between switches. So, two different functions.

 

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-6/configuration_guide/sec/b_166_sec_9300_cg/macsec_encryption.html

HTH 

 

0 Helpful

Go to solution
Jeff Horton
Beginner
Beginner
In response to Reza Sharifi

‎06-23-2020 01:40 PM

So if I read correctly what you are saying, then MACsec would be good for the switch to switch connection and no need for GRE/IPsec?

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame Expert Hall of Fame Expert
Hall of Fame Expert
In response to Jeff Horton

‎06-23-2020 02:25 PM

So if I read correctly what you are saying, then MACsec would be good for the switch to switch connection and no need for GRE/IPsec?

That is correct.

HTH

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents